Digital content providers seek to restrict usage of their audio visual contents by implementing conditional access. One such scenario is the security aspects of digital video broadcasting via satellite (DVB-S). There has been a history of attacks on this technology to circumvent any security measures and some techniques have been countered by the deployment of customized receivers. The crucial key of the security gap is that when an open receiver (even the proprietary one) comes into the possession of the user, it cannot be considered trusted. The user domain is an untrusted one and could be subject to standalone or colluding user attacks. Any software solution at the user domain must be therefore subjected to the so-called white box cryptography, a relatively recent research domain focusing on the protecting mechanism of a secret even if it is deployed with untrustworthy or easily exposed software execution.
Alternative solution is based on anti-tampered hardware. The introduction of a physical hardware component—like a smart cards—with a built-in processor aims to provide a trust in an unsecured environment of a receiver. It is believed that the answer lies in the smart card: this is the only trusted entity at the client end.
It is worth noting that the presence of a smart card does not resolve all threats to security. Thanks to the flexibility, well modularized structure of the open receivers, fraudulent user can still compromise the system with such “unbreakable” hardware component like smart cards. By spying the communication between the descrambler and a given smart card, a hacker can extract the necessary key for the descrambling process. The key is then distributed in mass to other illegal receiver, allowing clients (without subscription to the authorized content provider) to access the protected programs.
Admitting that conditional access never provides an absolute security, digital content providers try to deploy watermarking techniques in an audio visual content to insert automatically a unique identifier dedicated to each demanding user whenever he/she requests that content. Such identifier can be probably retrieved from an illegally distributed content. The malicious user can then be identified.
Several problems must be solved to enable the incorporation of the watermarking into the broadcasting chain. Among the others, they are the followings:                Find a way to insert unique information—an Identifier (ID)—about the targeted (authorized) client/user inside the delivered audio-visual content itself;        The impact of inserting the ID must be minimum. That is the marked content has an audiovisual degradation tolerance, which can be parameterized/adjusted to fit the specific requirements of a given application;        The ID should be inserted directly in the compressed content;        The ID is rather inserted at the client's side, to identify the device that has decrypted the content;        The insertion of ID into compressed content should not lead to an avalanche effect in the content due to drift effect. For the efficiently compressed content with arithmetic coder like H.264 CABAC, the constrained compensation is crucial to reduce the additional time of treatment.        The insertion of ID does not perturb the original bitrate of the content stream.        The potential extra bandwidth for supplementary data as well as its treatment is relatively low and easily handled.        The ID can be inserted in the lowest layer of packetization for transmission to reduce the buffering and complex parsing facilities        The ID must be robust enough to survive from diverse signal processing operations, possibly performed by hackers or by the nature of the transmission channel.        
One prior art method for watermarking compressed content is to insert watermark signals in the structure and syntax elements. U.S. Pat. No. 6,687,384 is an example for embedding data in syntax elements in a coded bit stream such as MPEG-1 and MPEG-2. Such watermarks do not, however, survive after format change or digital-analog conversion.
Another prior art, U.S. Pat. No. 7,058,809 introduces in a preprocessing phase at least 2 watermarked versions of the same content. The variant contents are then encrypted and partially combined in a unique manner for each targeted user. Pre-watermarking content twice seems to be a cumbersome process.
Yet in other prior arts, some special segments of compressed data are identified and modified directly. These segments are special because they can be replaced with at least an alternative one without severe impact to the final content. This bi-state of each segment can be exploited to carry one-bit of hidden ID. EP 2 204 979, U.S. Pat. No. 6,285,774, U.S. Pat. No. 7,003,131, WO 2007/067168 and WO 2010/003152 propose several ways to identify such carrier segment of data in the compressed domain. The common key-technique of these arts is a pure watermarking technique, which tends to minimize the impact on the quality of the content. The marked content are then protected separately with a conventional encryption technique
In the prior application deposited also by the author of the present application, WO2008081113, a combined technique for marking and encrypting was taught to improve the security thanks to the coincidence of these 2 operations. The drawback of this technique is the requirement of 2 (virtual) streams, which produces the additional complexity for the synchronization and existing multiplexing.